1934 matches found
CVE-2025-61873
Summary: CVE-2025-61873 affects Best Practical Request Tracker (RT). The connected Debian advisory confirms the issue is a CSV injection vulnerability in RT exports to TSV from search results, caused by ticket values containing certain characters and exported in TSV, enabling injection. Debian li...
GO-2026-4303 Mattermost Server is vulnerable CSV Injection in github.com/mattermost/mattermost-server
Mattermost Server is vulnerable CSV Injection in github.com/mattermost/mattermost-server...
CVE-2023-25348
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...
CVE-2023-31294
CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer CPTO version 6.3.8.6 718, allows remote attackers to obtain sensitive information via the Delivery Name field...
CVE-2021-27839
A CSV injection vulnerability found in Online Invoicing System OIS 4.3 and below can be exploited by users to perform malicious actions such as redirecting admins to unknown or harmful websites, or disclosing other clients' details that the user did not have access to...
CVE-2016-10762
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used...
CVE-2022-23868
RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file...
CVE-2022-37786
An issue was discovered in WeCube Platform 3.2.2. There are multiple CSV injection issues: the Home / Admin / Resources page, the Home / Admin / System Params page, and the Home / Design / Basekey Configuration page...
CVE-2022-0142
The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...
CVE-2022-26249
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack...
CVE-2017-18900
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report...
CVE-2019-20184
KeePass 2.4.1 allows CSV injection in the title field of a CSV export...
CVE-2020-12468
Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/...
CVE-2021-41270
Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula...
CVE-2022-35281
IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335...
CVE-2021-41128
Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports Statistics & BAG MED contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get...
CVE-2019-16120
CSV injection in the event-tickets Event Tickets plugin before 4.10.7.2 for WordPress exists via the "All Post Ticketed Attendees" Export Attendees feature...
CVE-2019-16959
SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket...
CVE-2018-25135
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing...
CVE-2018-25135
CVE-2018-25135 affects Anviz AIM CrossChex Standard 4.3.6.0. The CSV injection vulnerability arises from user import fields (e.g., Name, Gender, Position) that can contain malicious formulas, triggering Excel macro execution when importing user data. Reported impact includes command execution in ...